{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,4,22]],"date-time":"2026-04-22T10:05:44Z","timestamp":1776852344396,"version":"3.51.2"},"reference-count":33,"publisher":"Springer Science and Business Media LLC","issue":"1","license":[{"start":{"date-parts":[[2020,8,18]],"date-time":"2020-08-18T00:00:00Z","timestamp":1597708800000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0"},{"start":{"date-parts":[[2020,8,18]],"date-time":"2020-08-18T00:00:00Z","timestamp":1597708800000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":["EURASIP J. on Info. Security"],"published-print":{"date-parts":[[2020,12]]},"abstract":"<jats:title>Abstract<\/jats:title><jats:p>Structured Query Language (SQL) injection and cross-site scripting remain a major threat to data-driven web applications. Instances where hackers obtain unrestricted access to back-end database of web applications so as to steal, edit, and destroy confidential data are increasing. Therefore, measures must be put in place to curtail the growing threats of SQL injection and XSS attacks. This study presents a technique for detecting and preventing these threats using Knuth-Morris-Pratt (KMP) string matching algorithm. The algorithm was used to match user\u2019s input string with the stored pattern of the injection string in order to detect any malicious code. The implementation was carried out using PHP scripting language and Apache XAMPP Server. The security level of the technique was measured using different test cases of SQL injection, cross-site scripting (XSS), and encoded injection attacks. Results obtained revealed that the proposed technique was able to successfully detect and prevent the attacks, log the attack entry in the database, block the system using its mac address, and also generate a warning message. Therefore, the proposed technique proved to be more effective in detecting and preventing SQL injection and XSS attacks<\/jats:p>","DOI":"10.1186\/s13635-020-00113-y","type":"journal-article","created":{"date-parts":[[2020,8,18]],"date-time":"2020-08-18T11:02:57Z","timestamp":1597748577000},"update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":39,"title":["A novel technique to prevent SQL injection and cross-site scripting attacks using Knuth-Morris-Pratt string match algorithm"],"prefix":"10.1186","volume":"2020","author":[{"given":"Oluwakemi Christiana","family":"Abikoye","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Abdullahi","family":"Abubakar","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Ahmed Haruna","family":"Dokoro","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-4940-5709","authenticated-orcid":false,"given":"Oluwatobi Noah","family":"Akande","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Aderonke Anthonia","family":"Kayode","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"297","published-online":{"date-parts":[[2020,8,18]]},"reference":[{"key":"113_CR1","unstructured":"Acunetix_web_application_vulnerability_report_2019"},{"key":"113_CR2","doi-asserted-by":"publisher","first-page":"678","DOI":"10.1016\/j.procs.2018.08.218","volume":"135","author":"B Soewito","year":"2018","unstructured":"B. Soewito, F.E. Gunawan, Prevention structured query language injection using regular regular expression and escape string. Procedia Comput. Sci. 135, 678\u2013687 (2018) https:\/\/doi.org\/10.1016\/j.procs.2018.08.218","journal-title":"Procedia Comput. Sci."},{"key":"113_CR3","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1016\/j.sysarc.2015.11.001","volume":"000","author":"MA Ahmed","year":"2015","unstructured":"M.A. Ahmed, F. Ali, Multiple-path testing for cross site scripting using genetic algorithms. J. Syst. Archit. 000, 1\u201313 (2015) https:\/\/doi.org\/10.1016\/j.sysarc.2015.11.001","journal-title":"J. Syst. Archit."},{"key":"113_CR4","doi-asserted-by":"publisher","unstructured":"Y. Jang, J. Choi, Detecting SQL injection attacks using query result size. Comput Security, 1\u201315 (2014) https:\/\/doi.org\/10.1016\/j.cose.2014.04.007","DOI":"10.1016\/j.cose.2014.04.007"},{"key":"113_CR5","doi-asserted-by":"publisher","first-page":"199","DOI":"10.1016\/j.jisa.2018.04.001","volume":"40","author":"PR Mcwhirter","year":"2018","unstructured":"P.R. Mcwhirter, K. Kifayat, Q. Shi, B. Askwith, SQL injection attack classification through the feature extraction of SQL query strings using a gap-weighted string subsequence kernel. J. Inform. Sec. Appl. 40, 199\u2013216 (2018) https:\/\/doi.org\/10.1016\/j.jisa.2018.04.001","journal-title":"J. Inform. Sec. Appl."},{"key":"113_CR6","doi-asserted-by":"publisher","unstructured":"O.C. Abikoye, A.D. Haruna, A. Abubakar, N.O. Akande, E.O. Asani, Modified advanced encryption standard algorithm for information security. Symmetry 11, 1\u201317 (2019) https:\/\/doi.org\/10.3390\/sym11121484","DOI":"10.3390\/sym11121484"},{"key":"113_CR7","doi-asserted-by":"publisher","unstructured":"N.O. Akande, C.O. Abikoye, M.O. Adebiyi, A.A. Kayode, A.A. Adegun, R.O. Ogundokun, in International Conference on Computational Science and Its Applications. Electronic medical information encryption using modified blowfish algorithm (Springer, Cham, 2019), pp. 166\u2013179 https:\/\/doi.org\/10.1007\/978-3-030-24308-1_14","DOI":"10.1007\/978-3-030-24308-1_14"},{"key":"113_CR8","doi-asserted-by":"publisher","unstructured":"A.O. Christiana, A.N. Oluwatobi, G.A. Victory, O.R. Oluwaseun, A Secured One Time Password Authentication Technique using (3, 3) Visual Cryptography Scheme. IOP Conf. Series: Journal of Physics: Conf. Series 1299, 1\u201310 (2019 https:\/\/doi.org\/10.1088\/1742-6596\/1299\/1\/012059)","DOI":"10.1088\/1742-6596\/1299\/1\/012059"},{"issue":"1","key":"113_CR9","first-page":"16","volume":"1","author":"Q Temeiza","year":"2017","unstructured":"Q. Temeiza, M. Temeiza, J. Itmazi, A novel method for preventing SQL injection using SHA-1 algorithm and syntax-awareness. Sudanese J. Comput. Geoinform. 1(1), 16\u201326 (2017)","journal-title":"Sudanese J. Comput. Geoinform."},{"key":"113_CR10","series-title":"Symposium on Computer Applications and Industrial Electronics","first-page":"60","volume-title":"Detection model for SQL injection attack : an approach for preventing a web application from the SQL injection attack","author":"G Buja","year":"2014","unstructured":"G. Buja, T.F. Abdul, B.A.J. Kamarularifin, M.A. Fakariah, T.F. Abdul-Rahman, Detection model for SQL injection attack : an approach for preventing a web application from the SQL injection attack, Symposium on Computer Applications and Industrial Electronics (2014), pp. 60\u201364"},{"key":"113_CR11","first-page":"1","volume-title":"International Conference on Pervasive Computing (ICPC). A novel approach for detection of SQL injection and cross site scripting attacks","author":"AS Piyush","year":"2015","unstructured":"A.S. Piyush, A.N. Mhetre, International Conference on Pervasive Computing (ICPC). A novel approach for detection of SQL injection and cross site scripting attacks (2015), pp. 1\u20134"},{"key":"113_CR12","series-title":"IEEE International Conference on Computer and Communications","first-page":"1153","volume-title":"Research and implementation of SQL injection prevention method based on ISR","author":"C Ping","year":"2016","unstructured":"C. Ping, W. Jinshuang, P. Lin, Y. Han, Research and implementation of SQL injection prevention method based on ISR, IEEE International Conference on Computer and Communications (2016), pp. 1153\u20131156"},{"key":"113_CR13","series-title":"International Conference on Advanced Communication Control and Computing Technologies (ICACCCT), (978)","first-page":"596","volume-title":"SQL injection avoidance for protected database with ASCII using SNORT and honeypot","author":"U Upadhyay","year":"2016","unstructured":"U. Upadhyay, K. Girish, SQL injection avoidance for protected database with ASCII using SNORT and honeypot, International Conference on Advanced Communication Control and Computing Technologies (ICACCCT), (978) (2016), pp. 596\u2013599"},{"key":"113_CR14","series-title":"IEEE International Conference on Software Engineering and Service Science (ICSESS)","first-page":"583","volume-title":"SQL injection attack detection using fingerprints and pattern matching technique","author":"B Appiah","year":"2017","unstructured":"B. Appiah, E. Opoku-mensah, SQL injection attack detection using fingerprints and pattern matching technique, IEEE International Conference on Software Engineering and Service Science (ICSESS) (2017), pp. 583\u2013587"},{"key":"113_CR15","series-title":"2017 IEEE 2nd Information Technology, Networking, Electronic and Automation Control Conference (ITNEC)","first-page":"1792","volume-title":"A second-order SQL injection detection method","author":"C Ping","year":"2017","unstructured":"C. Ping, A second-order SQL injection detection method, 2017 IEEE 2nd Information Technology, Networking, Electronic and Automation Control Conference (ITNEC) (2017), pp. 1792\u20131796"},{"key":"113_CR16","doi-asserted-by":"publisher","first-page":"12","DOI":"10.11648\/j.ajnc.s.2015040301.13","volume-title":"An adaptive algorithm to prevent SQL injection. 4","author":"A John","year":"2015","unstructured":"A. John, A. Agarwal, M. Bhardwaj, An adaptive algorithm to prevent SQL injection. 4 (2015), pp. 12\u201315 https:\/\/doi.org\/10.11648\/j.ajnc.s.2015040301.13"},{"key":"113_CR17","doi-asserted-by":"publisher","DOI":"10.1109\/ITACT.2015.7492650","volume-title":"An Authentication Mechanism to Prevent SQL Injection by Syntactic Analysis","author":"A Ramesh","year":"2015","unstructured":"A. Ramesh, An Authentication Mechanism to Prevent SQL Injection by Syntactic Analysis (2015)"},{"key":"113_CR18","series-title":"IEEE International Conference on Recent Trends in Electronics Information & Communication Technology (RTEICT)","first-page":"697","volume-title":"An effective method for preventing SQL injection attack and session hijacking","author":"D Karis","year":"2017","unstructured":"D. Karis, J. Vanajakshi, K.N. Manjunath, P. Srikanth, An effective method for preventing SQL injection attack and session hijacking, IEEE International Conference on Recent Trends in Electronics Information & Communication Technology (RTEICT) (2017), pp. 697\u2013701"},{"key":"113_CR19","series-title":"International Advance Computing Conference (IACC)","first-page":"237","volume-title":"SQLI detection system for a safer web application","author":"A Pramod","year":"2015","unstructured":"A. Pramod, A. Ghosh, A. Mohan, M. Shrivastava, R. Shettar, SQLI detection system for a safer web application, International Advance Computing Conference (IACC) (2015), pp. 237\u2013240"},{"key":"113_CR20","series-title":"International Conference \u201cRadio Electronics & InfoCommunications\u201d (UkrMiCo)","first-page":"2","volume-title":"SQL injection prevention system","author":"OP Voitovych","year":"2016","unstructured":"O.P. Voitovych, O.S. Yuvkovetskyi, L.M. Kupershtein, SQL injection prevention system, International Conference \u201cRadio Electronics & InfoCommunications\u201d (UkrMiCo) (2016), pp. 2\u20135"},{"key":"113_CR21","series-title":"IEEE International Conference on Computer and Communications","first-page":"1153","volume-title":"Research and implementation of SQL injection prevention method based on ISR","author":"P Chen","year":"2016","unstructured":"P. Chen, J. Wang, L. Pan, H. Yu, Research and implementation of SQL injection prevention method based on ISR, IEEE International Conference on Computer and Communications (IEEE, Chengdu, 2016), pp. 1153\u20131156"},{"key":"113_CR22","unstructured":"G. Ahmad, A hybrid method for detection and prevention of SQL injection attacks, Computing Conference (London, 2017), pp. 833\u2013838"},{"key":"113_CR23","series-title":"IEEE International Advance Computing Conference (IACC)","first-page":"237","volume-title":"SQLI detection system for a safer web application","author":"P Amith","year":"2015","unstructured":"P. Amith, G. Agneev, M. Amal, S. Mohit, S. Rajashree, SQLI detection system for a safer web application, IEEE International Advance Computing Conference (IACC) (IEEE, Banglore, 2015), pp. 237\u2013240"},{"key":"113_CR24","series-title":"International conference on trends in automation, communications and Computing technology (I-TACT-15)","first-page":"1","volume-title":"An authentication mechanism to prevent SQL injection by syntactic analysis","author":"R Ashwin","year":"2015","unstructured":"R. Ashwin, B. Anirban, V.L. Anand, An authentication mechanism to prevent SQL injection by syntactic analysis, International conference on trends in automation, communications and Computing technology (I-TACT-15) (IEEE, Bangalore, 2015), pp. 1\u20136"},{"key":"113_CR25","series-title":"International Conference on Emerging Trends in Computing, Communication and Nanotechnology (ICECCN)","first-page":"503","volume-title":"An efficient technique for preventing SQL injection attack using pattern","author":"A Prabakar","year":"2013","unstructured":"A. Prabakar, M. KarthiKeyan, K. Marimuthu, An efficient technique for preventing SQL injection attack using pattern, International Conference on Emerging Trends in Computing, Communication and Nanotechnology (ICECCN) (2013), pp. 503\u2013506"},{"key":"113_CR26","series-title":"IEEE Comput Conference","first-page":"833","volume-title":"A hybrid method for detection and prevention of SQL injection attacks","author":"A Ghafarian","year":"2017","unstructured":"A. Ghafarian, A hybrid method for detection and prevention of SQL injection attacks, IEEE Comput Conference (2017), pp. 833\u2013838"},{"key":"113_CR27","series-title":"IEEE international conference on emerging trends in Computing, communication and nanotechnology (ICECCN)","first-page":"503","volume-title":"An efficient technique for preventing SQL injection attack using pattern matching algorithm","author":"P Amutha","year":"2013","unstructured":"P. Amutha, M. KarthiKeyan, K. Marimuthu, An efficient technique for preventing SQL injection attack using pattern matching algorithm, IEEE international conference on emerging trends in Computing, communication and nanotechnology (ICECCN) (2013), pp. 503\u2013506"},{"key":"113_CR28","series-title":"International conference on information and communication Technologies for Education and Training and international conference on Computing in Arabic (ICCA-TICET)","first-page":"1","volume-title":"A novel method for preventing SQL injection using SHA-1 algorithm and syntax-awareness","author":"T Qais","year":"2017","unstructured":"T. Qais, T. Mohammad, I. Jamil, A novel method for preventing SQL injection using SHA-1 algorithm and syntax-awareness, International conference on information and communication Technologies for Education and Training and international conference on Computing in Arabic (ICCA-TICET) (IEEE, Khartoum, 2017), pp. 1\u20134"},{"key":"113_CR29","first-page":"596","volume-title":"SQL injection avoidance for protected database with ASCII using SNORT and honeypot. International conference on advanced communication control and Computing technologies (ICACCCT)","author":"U Utpal","year":"2016","unstructured":"U. Utpal, K. Girish, SQL injection avoidance for protected database with ASCII using SNORT and honeypot. International conference on advanced communication control and Computing technologies (ICACCCT) (IEEE, Ramanathapuram, 2016), pp. 596\u2013599"},{"key":"113_CR30","doi-asserted-by":"crossref","unstructured":"J. Ashish, A. Ajay, B. Manish, An adaptive algorithm to prevent SQL injection. Am. J. Networks Commun., 12\u201315 (2015)","DOI":"10.11648\/j.ajnc.s.2015040301.13"},{"key":"113_CR31","first-page":"755","volume-title":"Algorithm to Prevent Back End Database against SQL Injection Attacks International Comference on Computing for Sustainable Global Development (INDIACom)","author":"M Srivastava","year":"2014","unstructured":"M. Srivastava, Algorithm to Prevent Back End Database against SQL Injection Attacks International Comference on Computing for Sustainable Global Development (INDIACom) (2014), pp. 755\u2013757"},{"key":"113_CR32","first-page":"2782","volume-title":"An application to prevent SQL injection attacks using randomized encription algorithm. International journal of computer trends and technology (IJCTT)","author":"T Pravallica","year":"2013","unstructured":"T. Pravallica, S. Betam, An application to prevent SQL injection attacks using randomized encription algorithm. International journal of computer trends and technology (IJCTT) (2013), pp. 2782\u20132786"},{"key":"113_CR33","series-title":"Symposium on Computer Applications and Industrial Electronics","first-page":"60","volume-title":"Detection model for SQL injection attack: an approach for preventing a web application from the SQL injection attack","author":"B Geogiana","year":"2014","unstructured":"B. Geogiana, B.A. Kamarularifin, B.H. Fakariah, F.A. Teh, Detection model for SQL injection attack: an approach for preventing a web application from the SQL injection attack, Symposium on Computer Applications and Industrial Electronics (IEEE, Penang, 2014), pp. 60\u201364"}],"container-title":["EURASIP Journal on Information Security"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1186\/s13635-020-00113-y.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/article\/10.1186\/s13635-020-00113-y\/fulltext.html","content-type":"text\/html","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1186\/s13635-020-00113-y.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2021,8,17]],"date-time":"2021-08-17T23:27:25Z","timestamp":1629242845000},"score":1,"resource":{"primary":{"URL":"https:\/\/jis-eurasipjournals.springeropen.com\/articles\/10.1186\/s13635-020-00113-y"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2020,8,18]]},"references-count":33,"journal-issue":{"issue":"1","published-print":{"date-parts":[[2020,12]]}},"alternative-id":["113"],"URL":"https:\/\/doi.org\/10.1186\/s13635-020-00113-y","relation":{},"ISSN":["2510-523X"],"issn-type":[{"value":"2510-523X","type":"electronic"}],"subject":[],"published":{"date-parts":[[2020,8,18]]},"assertion":[{"value":"7 August 2019","order":1,"name":"received","label":"Received","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"24 June 2020","order":2,"name":"accepted","label":"Accepted","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"18 August 2020","order":3,"name":"first_online","label":"First Online","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"The authors declare that there are no competing interests.","order":1,"name":"Ethics","group":{"name":"EthicsHeading","label":"Competing interests"}}],"article-number":"14"}}